The application programming interfaces (APIs) of communication services expose subscriber information such as charging capability, location, and profile to third party applications. For API providers, this creates legal and security issues. Currently, no solution enables secure sharing of APIs with subscriber consent. Moreover, typically, if a subscriber wants to consent to access to their information by a third party application, they have to give full access to the third party application and there is no solution that enables the subscriber to grant limited access of a defined scope.
Open Authorization Protocol (OAuth) is an open standard for authorization. OAuth allows users to, for example, share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their credentials, typically supplying username and password tokens instead. Each token grants access to a specific site (e.g., a video editing site) for specific resources (e.g., just videos from a specific album) and for a defined duration (e.g., the next 2 hours). This allows a user to grant a third party site access to their information stored with another service provider, without sharing their access permissions or the full extent of their data. However, the OAuth protocol is insufficient for secure scoped sharing of communication services in a telecommunications network.